Computer Security & Technology

This article is not a hacking tutorial. This is only to be used for educational purposes and should not be exploited.

Using simple command line tools on a machine running Windows XP, we will obtain system level priviledges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. This system account allows for several other things that aren’t normally possible (like resetting the administrator password).
The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager process list, as seen in the following screen shot:
Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message.

The following quote from Wikipedia explains this in a easy to understand way:

: In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.

Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.   Procedure to get system level access and previlege escalation in windows I will now walk you through the process of obtaining SYSTEM privileges and a demonstration of this Windows XP admin exploit / super user hack 

go on reading »

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

     Leet is a phrase often used on the Internet, some being online games, message boards, and chat rooms. It comes from the word “elite”, meaning “above everyone else”. It’s most commonly written as “1337″ or “l33t”. It can also be written differently, the numbers 1, 3 and 7 standing for L, E and T respectively.

A Leet Speak Alphabet
* A—4,/-\,/_\
* B—8,|3 and very uncommonly 13
* C—<,{,[,(
* D---|>,|),|},|]
* E—3
* F—|=,ph
* G—[,-
* H---|-|,[-].{-},|=|,[=],{=}
* I—1,|
* J—usually the J is untouched
* K—|< ,1 <
* L—|_,|,1_
* M—|\/|,^^
* O—0,(),[],{}
* P—|o,p,|O
* Q—O, or 9
* R—|2,12
* S—5,$
* T—7,+
* U—|_|
* V—\/
* W—\/\/,(/\), \^/
* X—><,
* Y—j
* Z—Z

Numbers for letters
One of the qualities of leet speak is using numbers to replace letters. Many words have numbers leet speak.
* 1 — L, I (I is more often shown as |, and sometimes as ][)
* 2 — Z (not in common usage)
* 3 — E
* 4 — A
* 5 — S
* 6 — G (not in common usage)
* 7 — T (can also be L)
* 8 — B
* 9 — G
* 0 — O (Occasionally represented by “()”)
Below is a simple javascript I wrote to translate English into leet.

CNN writes that more than 70 million web domain names have been purchased, and most - if not all - dictionary-word domain names (i.e. house.com, furniture.com) have already been taken. That should not disappoint you since millions of good web domain names are still available, all that’s required is a bit of creative thinking, some permutation-combinations and a good tool for searching free domain names that have never been registered before or the owner failed to renew the expired domain name. 3rdeye, a UK based company, has launched a very useful AJAX based Internet domain search tool called DomJax that instantly check availability of a name across a wide variety of domains. Just type in any word and DomJax would instantly tell you if a .com extension is available or not. It even searches availability across the boutique extensions such as .co.uk, .net, .edu and .info. The most impressive part of DomJax is the whois report that it generates in real time - even if a domain name is not available, you can hover the mouse over the domain name (no click required) and DomJax pops up a neat “thought bubble” which has all the information about that domain like who owns it, when it will expire and how to contact the owner.

Seeing all these guys, I am more than motivated to get a customized plate myself. I am thinkin 31337 or r00t or something on those lines. Meanwhile check out these uber geeks and their licence plates. Sources for the pics include Google Pictures, Flikr, geek24 and one of the best compilation of geeks and their plates including their names, cars and other good stuff at webreference.

My favorite plates ….

Read the rest of this entry »

Many of us use the terms programmer and developer interchangebly. Hacknot has an excellent article describing the concept the the terms programmer and developer are indeed as unique as how they are made out to be.

The term programmer has historically referred to a menial, manual input task conducted by an unskilled worker. However since the age of EDIAC and EDVAC have passed on, the modern programmer loves writing code and usually see their sole function in an organization as being the production of code, and view any task that doesn’t involve having their hands on the keyboard as an unwanted distraction.

Developers like to code as well, but they see it as being only a part of their job function. They focus more on delivering value than delivering program text, and know that they can’t create value without having an awareness of the business context into which they will deploy their application, and the organizational factors that impact upon its success once delivered.

Some other differences between programmers and developers according to the article

Programmers like to stay as ignorant as possible of the business within which they work. They consider the problem domain to be the realm of the non-technical, and neither their problem or concern.Developers view the business domain as their “second job.” They work to develop a solid understanding of those aspects of it that impact upon their software, then use that knowledge to determine what the real business problems are.

Programmers crave new technologies the way children crave sweets. They are forever flitting from one programming language, framework, library or IDE to the next. Developers have a much more cautious approach to new technology. They know that a new technology is inevitably hyped through the roof by those with a vested interest in its success, but that the reality of the technology’s performance in the field often falls short of the spectacular claims made by proponents.

Programmers often focus so intently upon the technologies they use that they come to believe that technology is the dominant factor influencing the ultimate success or otherwise of their projects. For developers, the dominant factors influencing the quality of your application, and ultimately its success or otherwise, are the quality of the people doing the development and the work methods that they follow.

Programmers try to solve every problem through coding whereas Developers know that coding effort is best reserved for the application itself. Other differences include Developers seek repeatability, programmers like one-off heroics and Programmers like complexity, developers favor simplicity. Also, developers care about users whereas Programmers often view their user base with disdain or even outright contempt, as if they are the ignorant hordes to whose low technical literacy they must pander and finally

Developers work, programmers play

Read on more at hacknot for the rest of the article